bug#37420: [PATCH] Recommend against SHA-1 for security-related applications

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: Stefan Kangas <stefan@marxist.se>
To: Lars Ingebrigtsen <larsi@gnus.org>
Cc: 37420@debbugs.gnu.org
Subject: bug#37420: [PATCH] Recommend against SHA-1 for security-related applications
Date: Mon, 16 Sep 2019 23:50:33 +0200	[thread overview]
Message-ID: <CADwFkmnLuO_4vdV7K+MRtPWxas_4vQXPWeLPpKoZVg=pALU9-A@mail.gmail.com> (raw)
In-Reply-To: <87ef0grneg.fsf@gnus.org>

[-- Attachment #1: Type: text/plain, Size: 283 bytes --]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Looks good.

Thanks.

As I was playing around with this a bit more, I also came up with
another patch (attached) to be committed on top of the first one.
This patch adds tests and makes some minor doc fixes.

Best regards,
Stefan Kangas

[-- Attachment #2: 0001-Add-tests-for-secure-hash-and-improve-doc-string.patch --]
[-- Type: text/x-patch, Size: 4090 bytes --]

From 64ba95dd564f22910b48f8644db4013f9fe65eb1 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefankangas@gmail.com>
Date: Mon, 16 Sep 2019 23:39:58 +0200
Subject: [PATCH] Add tests for secure-hash and improve doc string

* src/fns.c (Fsecure_hash_algorithms): Fix typo.
(Fsecure_hash): Add algorithm list to doc string.
* test/src/fns-tests.el (test-secure-hash): New test.
---
 src/fns.c                                         | 11 ++++++++++-
 .../emacs-lisp/package-resources/archive-contents |  5 ++++-
 test/src/fns-tests.el                             | 15 +++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/fns.c b/src/fns.c
index df921e28f3..5f53e596a1 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -5084,7 +5084,7 @@ make_digest_string (Lisp_Object digest, int digest_size)
 
 DEFUN ("secure-hash-algorithms", Fsecure_hash_algorithms,
        Ssecure_hash_algorithms, 0, 0, 0,
-       doc: /* Return a list of all the supported `secure_hash' algorithms. */)
+       doc: /* Return a list of all the supported `secure-hash' algorithms. */)
   (void)
 {
   return list (Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512);
@@ -5390,6 +5390,15 @@ DEFUN ("secure-hash", Fsecure_hash, Ssecure_hash, 2, 5, 0,
 ALGORITHM is a symbol specifying the hash to use:
 md5, sha1, sha224, sha256, sha384 or sha512.
 
+These symbols corresponds to the following hashing algorithms:
+
+    md5    - MD5
+    sha1   - SHA-1
+    sha224 - SHA-2 / SHA-224
+    sha256 - SHA-2 / SHA-384
+    sha384 - SHA-2 / SHA-384
+    sha512 - SHA-2 / SHA-512
+
 The two optional arguments START and END are positions specifying for
 which part of OBJECT to compute the hash.  If nil or omitted, uses the
 whole OBJECT.
diff --git a/test/lisp/emacs-lisp/package-resources/archive-contents b/test/lisp/emacs-lisp/package-resources/archive-contents
index e2f92304f8..fbbcdfa640 100644
--- a/test/lisp/emacs-lisp/package-resources/archive-contents
+++ b/test/lisp/emacs-lisp/package-resources/archive-contents
@@ -1,9 +1,12 @@
+;; RFC3339 timestamp
+;; Last-Updated: 2014-01-16T05:43:35.000Z
 (1
  (simple-single .
                 [(1 3)
                  nil "A single-file package with no dependencies" single
                  ((:url . "http://doodles.au")
-                  (:keywords quote ("frobnicate")))])
+                  (:keywords quote ("frobnicate"))
+                  (:hash )])
  (simple-depend .
                 [(1 0)
                  ((simple-single (1 3))) "A single-file package with a dependency." single])
diff --git a/test/src/fns-tests.el b/test/src/fns-tests.el
index 7d56da77cf..5be9a9eb7b 100644
--- a/test/src/fns-tests.el
+++ b/test/src/fns-tests.el
@@ -858,4 +858,19 @@ test-hash-function-that-mutates-hash-table
        (puthash k k h)))
     (should (= 100 (hash-table-count h)))))
 
+(ert-deftest test-secure-hash ()
+  (should (equal (secure-hash 'md5    "foobar") "3858f62230ac3c915f300c664312c63f"))
+  (should (equal (secure-hash 'sha1   "foobar") "8843d7f92416211de9ebb963ff4ce28125932878"))
+  (should (equal (secure-hash 'sha224 "foobar") (concat "de76c3e567fca9d246f5f8d3b2e704a3"
+                                                        "8c3c5e258988ab525f941db8")))
+  (should (equal (secure-hash 'sha256 "foobar") (concat "c3ab8ff13720e8ad9047dd39466b3c89"
+                                                        "74e592c2fa383d4a3960714caef0c4f2")))
+  (should (equal (secure-hash 'sha384 "foobar") (concat "3c9c30d9f665e74d515c842960d4a451"
+                                                        "c83a0125fd3de7392d7b37231af10c72"
+                                                        "ea58aedfcdf89a5765bf902af93ecf06")))
+  (should (equal (secure-hash 'sha512 "foobar") (concat "0a50261ebd1a390fed2bf326f2673c14"
+                                                        "5582a6342d523204973d0219337f8161"
+                                                        "6a8069b012587cf5635f6925f1b56c36"
+                                                        "0230c19b273500ee013e030601bf2425"))))
+
 (provide 'fns-tests)
-- 
2.20.1

next prev parent reply	other threads:[~2019-09-16 21:50 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-16  8:53 bug#37420: [PATCH] Recommend against SHA-1 for security-related applications Stefan Kangas
2019-09-16 11:21 ` Lars Ingebrigtsen
2019-09-16 20:29   ` Stefan Kangas
2019-09-16 20:34     ` Lars Ingebrigtsen
2019-09-16 21:50       ` Stefan Kangas [this message]
2019-09-16 22:25         ` Lars Ingebrigtsen
2019-09-17  9:17           ` Stefan Kangas
2019-09-17  6:05         ` Eli Zaretskii
2019-09-17 13:37           ` Robert Pluim
2019-09-28 10:19             ` Stefan Kangas
2019-09-28 19:55               ` Lars Ingebrigtsen
2019-10-04 15:33                 ` Stefan Kangas
2019-09-17  5:50       ` Eli Zaretskii
2019-09-17  9:09         ` Stefan Kangas
2019-09-17 11:53           ` Eli Zaretskii
2019-09-17 12:08             ` Stefan Kangas
2019-09-17 12:14               ` Stefan Kangas
2019-09-20 18:50       ` Stefan Kangas

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:df921e28f dfblob:e2f92304f dfblob:7d56da77c dfblob:5f53e596a
dfblob:fbbcdfa64 dfblob:5be9a9eb7
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CADwFkmnLuO_4vdV7K+MRtPWxas_4vQXPWeLPpKoZVg=pALU9-A@mail.gmail.com' \
    --to=stefan@marxist.se \
    --cc=37420@debbugs.gnu.org \
    --cc=larsi@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).